President given “broad authority” to order cyber attacks

All he needs is credible evidence of a pending attack.

The New York Times reports that a secret White House legal review has cleared the way for preemptive cyber attacks if the president determines there is credible evidence of a pending attack. Officials who had been involved in the review told The Times' David Sanger and Thom Shanker that the new rules give the president "broad power" to order computer-based attacks on adversaries that disrupt or destroy their systems, without requiring a declaration of war from Congress. The rules also govern how intelligence agencies can monitor networks for early warnings of imminent attacks, and when the Department of Defense can become involved in dealing with domestic network-based attacks.

The rules will leave the Department of Homeland Security and FBI responsible for defending US government and commercial networks from attack up to a certain threshold—the exact nature of which is being kept secret—after which the Department of Defense would become involved. The DoD would only be allowed to take offensive action with direct presidential approval.

News of the ruling comes on the heels of reports of major computer-based attacks on the New York Times, the Wall Street Journal, and the Washington Post, all of which were attributed to state-sponsored hackers in China.

So far, the only software-based attack that has been attributed to the US (though never officially acknowledged by the US government) has been the Stuxnet virus, which was reportedly codeveloped with Israeli intelligence to disable production equipment in an Iranian nuclear facility. Other sophisticated malware attacks, such as Flame, Duqu, and Gauss have not been definitively tied to the US, but analysts at Kaspersky Labs and other antivirus and network security firms have described them as "state-sponsored."

The phrase "new rules" doesn't mean much. Powers to launch a cyber attack have always existed. There are very few international laws regarding cyber warfare. The only thing remotely new is the internal legal review confirming existing legal thought.

This probably means that those who are behind the 'pending' attack will be classed as enemy combatants, including those Anonymous idiots which means an all out air strike on some Anonymous members home...ok just kidding about the air strike... but it may mean they can be treated as enemy combatants. Guantanamo bay meet Anonymous, Anonymous meet Guantanamo bay, or worse run into a military member who has a sworn obligation to engage enemy combatants and will do so, ok, we can wish can't we

Sounds like the executive branch is looking for some cover, eventually all the cyber stuff we've been doing to Iran is gonna come to light.

Am i the only person who can come up with maybe a handfull of reasons for pre-emptive war?? Haven't we learned that the term "pre-emptive" is usually reserved for conflicts that our administration can't justify? In my opinion the first question when pre-emptive strike is brought up should be "can this country attack us seriously, can they project there force enough to cause any real concern, do they have a viable navy & air force.......

There is not a country in the middle east that meets these requirements, including israel....

The Constitution intended that Congress declare war. Presidents have tried all sorts of end runs around that requirement, eventually results in the most recent "War Power Resolution of 1973" an attempt to rein in the Executive (some might argue a not terribly successful attempt).

I can see some forms of cyber attacks being clearly under the purview of the CIA/NSA. For example cracking systems to gain intelligence. But imagine some future president decides to take down the Iranian electrical grid, or take GLONASS offline. Those are serious acts that could have far reaching real world consequences. The targets could easily consider them to be acts of war.

So color me less than enthused that the Executive is attempting to expand its war powers yet again. Acts of war are acts of war, whether carried out with bombs and tanks, or electrons.

Let me put on my tin foil hat for a second...Combine this with the recent "attacks" against NYT and now apparently the WSJ as well, could we be seeing the efforts to start a cyber war with China? Plant some fake security breaches, blame it on a country that owns a nice chunk of our debt, give the POTUS clearance for more of our infamous pre-emptive strikes...Seems like a recipe for a conspiracy theory.

This is not surprising at all considering the U.S. has been performing "preemptive strikes" on humans using UAVs within non-war zone areas for years -- eg: Pakistan. They can take out human targets without having to declare war, all neat and tidy in the political sense.

The US is adapting. Congress is designed to be slow and inefficient, and that cripples the US in cyber warfare. I can see this as a necessary evil, however, the broadly defined term "attack" does not bode well for the less intelligent among Anonymous. Theoretically, if Anonymous wrote a script to gain 100k signatures for a bs petition, that could be considered an attack.

Let me put on my tin foil hat for a second...Combine this with the recent "attacks" against NYT and now apparently the WSJ as well, could we be seeing the efforts to start a cyber war with China? Plant some fake security breaches, blame it on a country that owns a nice chunk of our debt, give the POTUS clearance for more of our infamous pre-emptive strikes...Seems like a recipe for a conspiracy theory.

I feel that's a bit silly. If the POTUS really wanted to hurt China all he'd have to do is renege on the debt. Sure it would hurt our "credit rating" but China will have lost actual money. Not that it really matters, for all intents and purposes, money at that level is imaginary.

Let me put on my tin foil hat for a second...Combine this with the recent "attacks" against NYT and now apparently the WSJ as well, could we be seeing the efforts to start a cyber war with China? Plant some fake security breaches, blame it on a country that owns a nice chunk of our debt, give the POTUS clearance for more of our infamous pre-emptive strikes...Seems like a recipe for a conspiracy theory.

I feel that's a bit silly. If the POTUS really wanted to hurt China all he'd have to do is renege on the debt. Sure it would hurt our "credit rating" but China will have lost actual money. Not that it really matters, for all intents and purposes, money at that level is imaginary.

Except interest rates would skyrocket here and the stock market, including all of our 401ks would tank.

Let me put on my tin foil hat for a second...Combine this with the recent "attacks" against NYT and now apparently the WSJ as well, could we be seeing the efforts to start a cyber war with China? Plant some fake security breaches, blame it on a country that owns a nice chunk of our debt, give the POTUS clearance for more of our infamous pre-emptive strikes...Seems like a recipe for a conspiracy theory.

I feel that's a bit silly. If the POTUS really wanted to hurt China all he'd have to do is renege on the debt. Sure it would hurt our "credit rating" but China will have lost actual money. Not that it really matters, for all intents and purposes, money at that level is imaginary.

Except interest rates would skyrocket here and the stock market, including all of our 401ks would tank.

Agreed, the markets are intertwined internationally and if the US did as suggested we would have alot more than 401k's to worry about.

Personally I would love to see the market tank again, lot's of low hanging fruit to buy - solid companies below book value. If the conditions were catastrophic, however, it could be very hard to evaluate risk.

I have a great idea. All weapons of war should be banned and destroyed immediately. When countries have a dispute, they can blow each other's brains out online and save the whole world a truckload of heartache.

Let me put on my tin foil hat for a second...Combine this with the recent "attacks" against NYT and now apparently the WSJ as well, could we be seeing the efforts to start a cyber war with China? Plant some fake security breaches, blame it on a country that owns a nice chunk of our debt, give the POTUS clearance for more of our infamous pre-emptive strikes...Seems like a recipe for a conspiracy theory.

I feel that's a bit silly. If the POTUS really wanted to hurt China all he'd have to do is renege on the debt. Sure it would hurt our "credit rating" but China will have lost actual money. Not that it really matters, for all intents and purposes, money at that level is imaginary.

Except interest rates would skyrocket here and the stock market, including all of our 401ks would tank.

I hope this doesn't come off as argumentative (it's hard to convey tone in text sometimes) but by what mechanisms would interest rates/stocks/401ks be affected?

If more victims would speak up you would see this from a different perspective. It's not new, it's just new to you.

I believe Israel won't hesitate to bomb Iran if that's what it takes to insure their survival. They already assassinate Iranian scientists on their way to work. The cyber attack against Iran actually deferred a war.

"I have a great idea. All weapons of war should be banned and destroyed immediately. When countries have a dispute, they can blow each other's brains out online and save the whole world a truckload of heartache. "

Let's be clear that what's on the table here isn't just damaging or corrupting a computer systems or causing "virtual" damage.

Computer systems control almost all of our vital infrastructure. When misconfigured they can cause billions in real world damage, and the knock-on effects could cause significant human suffering and death. Imagine for instance a coordinated attack designed to damage a country's electrical grid. Depending on the level of success of such an effort, the attacker could conceivably create a blackout lasting weeks or more.

It sounds like this basically extends to cyber tools the same authority the President has over the military.

I have no issue with that alone. But I really don't think the President should have quite as much latitude as he even has now without a declaration of war--except as a defensive response to an attack (including a true pre-emptive offense, not an imagined maybe-they'll-attack-someday pre-emption). And Congress should have the authority to order the President to stand down without just cutting funding.

We need to get back to having a Department of War and not this Department of Defense bullshit. They've way overstepped their bounds. We aren't defending against a goddamn thing but lower corporate profit margins. The DoD hasn't actually defended anything being attacked ever that I can think of. It's always been some preemptive bullshit and general warmongering they've engaged in. We need to also get back to no standing Army as well, the Constitution says you can't. I wonder if we didn't have a standing Army would we be involved in all the bullshit we are now considering that we've been the aggressor for the last 50 years or so.

Let me put on my tin foil hat for a second...Combine this with the recent "attacks" against NYT and now apparently the WSJ as well, could we be seeing the efforts to start a cyber war with China? Plant some fake security breaches, blame it on a country that owns a nice chunk of our debt, give the POTUS clearance for more of our infamous pre-emptive strikes...Seems like a recipe for a conspiracy theory.

I feel that's a bit silly. If the POTUS really wanted to hurt China all he'd have to do is renege on the debt. Sure it would hurt our "credit rating" but China will have lost actual money. Not that it really matters, for all intents and purposes, money at that level is imaginary.

Except interest rates would skyrocket here and the stock market, including all of our 401ks would tank.

I hope this doesn't come off as argumentative (it's hard to convey tone in text sometimes) but by what mechanisms would interest rates/stocks/401ks be affected?

Its been a while since I have delt with this field so I will try and stick to high level ideas. I am also hoping anyone who reads something that doesnt pass the sniff test will correct me.

In general, especially with anything stock market/401K/traded product related, the value is mostly derived by investor confidence of future payoff. Financials play a key role in this, (solid financials, ratios, market expectations, etc) help 'improve confidence'.

Despite everything happening globally, the US still has a relatively high confidence level for investment. A key part of this is our legal and judiciary system. Taking things to court here is more likely to produce a "fair" outcome than a court of a developing nation. (again, high level theories, not specifics). In general, its easier to make good on a deal here than elsewhere.

If the US defaults on its debts, it crashes investor confidence, both foreign and domestic. The attached stigma will bleed over to US based companies, US products, US buyers, etc.

Think about a traditional loan with property as collateral. If you default, you have to give up that collateral as per your loan documents. In this scenario, if the US defaults, some kind of collateral or 'punishment' should be expected. (I am not saying the US has land as collateral to China. This is an example). The lack of punishment is contra to having a well established legal/judiciary system. In this example, the world would view China as the good guy.

All in all, dont take money you cant pay back. Make good on your debts, etc.

Would China be affected by the US defaulting. Sure, kinda. Its hard to tell what that effect would be in a 1) state owned and operated setup and 2) a country that does a LOT of manipulation to control the exchange rate of its currency.

I hope that helps? Again its been years and years and yeares since I have read up on this so I will freely concede points that dont pass the sniff test.

I don't think this kind of power should rest in the hands of one man. Besides don't we already have the Air Force's Cyber Command? Isn't that enough? I can''t help but feel that with growing amount of unease in America coupled with wide ranging Government powers (some may argue, fueled by corporate and private concerns) that things are achieving an ever quickening pace towards civil unrest.

I think it's in my best interests to follow what this administration does very closely. Not with a tin foil hat mind you, but as a concerned citizen.

I must admit, after the last episode of Person of Interest, then reading this news, I'm curious if the government has stocks of nasty "cyberweapons" just sitting around ready to be "launched", or if most are specifically designed for a certain target.

Since we all know the MAFIAA buys off Government with Donations and Lobbyists spouting lies do you think President Corrupt Insertname will Order TPB and others to be Nuked !I can just see it now says the Insane Conspiracy Theorist Brain.

Sure. Let's hope that there will be overwhelming, UNNEEDED violence. KILL 'EM ALL! KILL 'EM ALL! Burn down the cities! UNLEASH THE MOAB! (http://en.wikipedia.org/wiki/GBU-43/B_M ... Blast_bomb) Hey you! Yeah, you, 14 year old kid with nary a understanding of what they are truly doing? WATERBOARD! Hell, Let's bring back the good old days! I'm sure we can setup a digital auto-rack so humans don't get involved with their morality and such. Stretch em til they break! >.> That's what your type of thinking leads to.

SaddleUp wrote:

This probably means that those who are behind the 'pending' attack will be classed as enemy combatants, including those Anonymous idiots which means an all out air strike on some Anonymous members home...ok just kidding about the air strike... but it may mean they can be treated as enemy combatants. Guantanamo bay meet Anonymous, Anonymous meet Guantanamo bay, or worse run into a military member who has a sworn obligation to engage enemy combatants and will do so, ok, we can wish can't we

Sean Gallagher / Sean is Ars Technica's IT Editor. A former Navy officer, systems administrator, and network systems integrator with 20 years of IT journalism experience, he lives and works in Baltimore, Maryland.